Artifex

Afpl Ghostscript

8 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 1.14%
  • Veröffentlicht 03.07.2024 19:15:03
  • Zuletzt bearbeitet 28.04.2025 17:12:15

Artifex Ghostscript before 10.03.1, when Tesseract is used for OCR, has a directory traversal issue that allows arbitrary file reading (and writing of error messages to arbitrary files) via OCRLanguage. For example, exploitation can use debug_file /t...

  • EPSS 1.96%
  • Veröffentlicht 07.03.2017 15:59:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

The getenv and filenameforall functions in Ghostscript 9.10 ignore the "-dSAFER" argument, which allows remote attackers to read data via a crafted postscript file.

  • EPSS 1.81%
  • Veröffentlicht 24.02.2017 04:59:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

Multiple use-after-free vulnerabilities in the gx_image_enum_begin function in base/gxipixel.c in Ghostscript before ecceafe3abba2714ef9b432035fe0739d9b1a283 allow remote attackers to cause a denial of service (application crash) or possibly have uns...

  • EPSS 3.75%
  • Veröffentlicht 11.08.2015 14:59:02
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Integer overflow in the gs_heap_alloc_bytes function in base/gsmalloc.c in Ghostscript 9.15 and earlier allows remote attackers to cause a denial of service (crash) via a crafted Postscript (ps) file, as demonstrated by using the ps2pdf command, whic...

  • EPSS 2.66%
  • Veröffentlicht 23.10.2010 20:39:05
  • Zuletzt bearbeitet 16.06.2026 23:24:04

The gs_type2_interpret function in Ghostscript allows remote attackers to cause a denial of service (incorrect pointer dereference and application crash) via crafted font data in a compressed data stream, aka bug 691043.

  • EPSS 6.76%
  • Veröffentlicht 26.08.2010 21:00:01
  • Zuletzt bearbeitet 16.06.2026 23:12:16

Off-by-one error in the Ins_MINDEX function in the TrueType bytecode interpreter in Ghostscript before 8.71 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a malformed TrueType font in a doc...

Exploit
  • EPSS 0.51%
  • Veröffentlicht 22.07.2010 05:43:14
  • Zuletzt bearbeitet 16.06.2026 23:19:53

Ghostscript 8.71 and earlier reads initialization files from the current working directory, which allows local users to execute arbitrary PostScript commands via a Trojan horse file, related to improper support for the -P- option to the gs program, a...

  • EPSS 6.63%
  • Veröffentlicht 22.07.2010 05:40:03
  • Zuletzt bearbeitet 16.06.2026 23:14:33

Buffer overflow in gs/psi/iscan.c in Ghostscript 8.64 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document containing a long name.